Security Risks of Malicious Use of Large Language Models (LLMs)
SituationAcademic research describes a rapidly evolving environment in which large language models (LLMs) have become easily accessible, highly capable, and increasingly integrated into digital systems. These models demonstrate strong reasoning abilities, fluency, and technical competence, which provide major benefits across industries. At the same time, these same capabilities can be redirected for harmful purposes. The widening availability of open-source model weights, inexpensive compute resources, and permissive fine-tuning tools has lowered the threshold for adversarial use. Researchers consistently observe that advanced models can be manipulated, modified, or repurposed to assist in cyberattacks, misinformation efforts, or other malicious activities. This creates a dual-use dilemma in which general-purpose AI systems unintentionally serve as powerful enablers for threat actors.
ProblemStudies across the academic community highlight several interconnecting challenges associated with malicious LLM use. Attackers are able to exploit the generative and reasoning abilities of these systems to perform tasks that once required expert knowledge. High-quality social engineering content, including spear-phishing messages and impersonation scripts, can be produced at scale and tailored to specific individuals or organizations with minimal effort. Technical exploitation becomes easier because LLMs can explain vulnerabilities, generate proof-of-concept code, refactor malicious scripts, and optimize attack chains. Even individuals with limited experience can receive step-by-step guidance that increases their capabilities far beyond their skill level. LLMs are also vulnerable as systems themselves. Research shows that prompt injection, fine-tuning attacks, unsafe model editing, data poisoning, and model extraction can undermine safety mechanisms or compromise proprietary capabilities. Safety layers can be bypassed through indirect prompting or adversarial crafted inputs, while poorly controlled fine-tuning can degrade safety alignment. These vulnerabilities blur the boundary between attacking with LLMs and attacking the LLMs directly, expanding the overall threat surface.
Risk & ImpactThe consequences of malicious LLM use extend across cybersecurity, societal stability, organizational resilience, and the integrity of the AI ecosystem. In cybersecurity, attackers gain the ability to automate large portions of their operational workflow, leading to more frequent and more convincing phishing campaigns, faster malware development, and scalable reconnaissance. This raises the risk level significantly because the resources required to mount advanced attacks are dramatically reduced. Beyond direct cyberattacks, LLM-generated misinformation poses a societal hazard. Studies describe how synthetic narratives, fabricated evidence, and tailored propaganda can be produced and disseminated at high speed. This enables coordinated influence operations, identity falsification, and erosion of public trust. Organizations face additional exposure because employees may unintentionally introduce sensitive data into external systems or rely on AI-generated outputs that contain subtle errors or manipulations. The global AI ecosystem itself faces long-term risks as models increasingly train on AI-generated data, amplifying inaccuracies and accelerating model collapse.
Preparing for AI based attacksResearcher’s recommendations emphasize a combination of technical, organizational, and strategic measures to prepare for the next generation of AI-enabled threats. Security operations teams are encouraged to incorporate AI-aware detection systems that can identify unusual communication patterns, automated phishing waves, and artifacts characteristic of machine-generated code. Continuous adversarial testing, including deliberate attempts to provoke harmful outputs or bypass model safeguards, helps identify vulnerabilities before they can be exploited. Organizations that deploy or rely upon LLMs should apply strong governance controls, including clear policies for acceptable use, data handling guidelines, oversight of fine-tuning processes, and careful evaluation of third-party AI services. Access to internal models should be controlled, monitored, and auditable to prevent unauthorized fine-tuning or inappropriate queries. Workforce training is essential, as employees must learn to recognize AI-enhanced social engineering attempts and avoid supplying confidential information to untrusted systems. Defensive use of AI is becoming increasingly important. LLMs can support threat detection, assist in incident response, classify malicious content, and analyze vulnerabilities. Integrating defensive models into security tooling helps create an AI-versus-AI dynamic in which generative systems counteract adversarial use. This approach forms a layered defense that blends human expertise with automated reasoning and pattern recognition.
ConclusionAcademic research portrays LLMs as transformative tools that can inadvertently empower malicious actors. Their ability to scale attacks, reduce technical barriers, and streamline complex operations creates a new category of cyber risk that evolves rapidly. These risks can be mitigated through rigorous testing, thoughtful governance, careful deployment, continuous monitoring, and the strategic use of AI for defense. Preparing for AI-based attacks requires a recognition that modern threat actors are augmented by generative models, and that defending against them demands both organizational readiness and technological adaptation.
Linkshttps://link.springer.com/article/10.1007/s42001-024-00250-1
https://www.sciencedirect.com/science/article/abs/pii/S2214212625003217
https://www.mdpi.com/2078-2489/16/9/758
https://arxiv.org/abs/2508.12622